Hi. I got a friend who hosts a tweaked server for me, and he isn't really a super-pro in configuring Apache and that other stuff. Lately I've started using .htaccess and .htpasswd for password protection on some folders on the server, but for some reason I've bumped into a huge problem. If I for some reason enter a wrong username or password only once, the server asks for them again, but it doesn't matter. After the one time, it bans my IP for 60 minutes. Is it some command in Apache that does this, and how can it be repaired? I'll post the .htaccess code here:
    AuthUserFile /home/username/folder/.htpasswd
    AuthGroupFile None
    AuthName "Authorization required"
    AuthType Basic
    require valid-user
.htpasswd is just username:passwordmd5hash
This PROTECTION of your access-protected folders is normally done by fail2ban or similar server-security software. Instead of "repairing" your mistakes, I recommend that YOU learn to avoid wrong passwords!! Such protection is a hacker protection for the SERVER and all hosted sites, to avoid repeated (thousands or more) attempts of login until success. You should be grateful that your IP is ONLY banned for 60 minutes - myself, I ban for approximately 10 years. Asking the host to remove such hacker protection would jeopardize the host's peace of mind and the server, as well as ALL sites hosted on the same server! Instead, learn to use a proper browser such as Firefox - save the password in the browser, or keep your password in a secure file and copy/paste when needed rather than mistyping.
So you did not read my message? This server is hosted by a friend that I'm in contact with daily. Even he doesn't know the problem, and I believe his first thoughts were some safety program to do this kind of banning, but he hasn't said anything and we've tried to figure this out extensively. And yes, I would understand the BAN to happen after, let's say, 5 attempts, but this is much more than that. It bans after 1 attempt. So no, your answer was not helpful.
I certainly read your full message. Even if hosted by a friend, there might be security software installed in the installation package he chose to install his server (you mention nowhere his OS dist nor Apache version...), and NO, it is quite common that a ban occurs at the latest after fewer than 3 attempts (fail2ban default is 3) unless otherwise configured. My own servers ban after ONE (1) failed attempt, because authorized qualified users NEVER make failed logins with all the modern browsers we have and with the server-key authentication used in modern login procedures. All such security features are commonly in either Apache with any of the available plugins or security software (Snort), etc.
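A simplified model of the ban threshold discussed in this thread, as an added example that is not part of any post and is not fail2ban's own code: it counts Apache Basic-auth failures per client IP and bans once `maxretry` failures fall inside `findtime`, comparing a threshold of 1 with the 3 mentioned in the last reply. The log lines are constructed, `find_bans` is a hypothetical helper, and the parameter names are borrowed from fail2ban's settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache 2.4 error-log entry for a failed Basic-auth attempt
# (AH01617 = password mismatch, AH01618 = unknown user).
FAIL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[auth_basic:error\] \[pid \d+\] "
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] AH0161[78]: ")

# Constructed sample log (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = [
    '[Mon Oct 02 10:15:01.123456 2023] [auth_basic:error] [pid 1234] [client 203.0.113.7:51234] AH01617: user alice: authentication failure for "/private/": Password Mismatch',
    '[Mon Oct 02 10:15:09.000000 2023] [authz_core:error] [pid 1234] [client 203.0.113.7:51240] AH01630: client denied by server configuration: /var/www/secret',
    '[Mon Oct 02 10:16:30.500000 2023] [auth_basic:error] [pid 1240] [client 198.51.100.9:40000] AH01618: user bob not found: /private/',
    '[Mon Oct 02 10:16:40.000000 2023] [auth_basic:error] [pid 1240] [client 198.51.100.9:40002] AH01617: user root: authentication failure for "/private/": Password Mismatch',
    '[Mon Oct 02 10:16:50.000000 2023] [auth_basic:error] [pid 1240] [client 198.51.100.9:40004] AH01617: user admin: authentication failure for "/private/": Password Mismatch',
]

def find_bans(lines, maxretry, findtime_s=600, bantime_s=3600):
    """Return [(ip, ban_start, ban_end)] for a maxretry/findtime/bantime policy."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    banned_until = {}
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not a Basic-auth failure, ignore
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        ip = m["ip"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # client is already blocked
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime_s):
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime_s)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()
    return bans

if __name__ == "__main__":
    for n in (1, 3):
        print(n, find_bans(SAMPLE_LOG, maxretry=n))
```

With a threshold of 1, the single mistyped password from 203.0.113.7 produces a 60-minute ban; with 3, only the client that fails three times is banned. If the host does run fail2ban, the live values can be read with `fail2ban-client get <jail> maxretry` and `fail2ban-client get <jail> bantime`.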